There is a new version of the creative FakeBank Android malware that intercepts victims’ calls to their banks and redirects them to scammers.
The trojan is one of the most creative android malware threatening the market. FakeBank operates by fooling customers using fake login screens inserted on top of legitimate banking apps.
The innovative new version not only lets scammers intercept banking calls made by customers by switching the dialed number with a special one pre-configured in the configuration file, but also enables them to actually make calls to customers using a special number, which will come up on users’ screen as if their bank is calling them.
This lets these scammers fool customers into giving away their banking information whenever they want it.
This new variant is allegedly only active in South Korea at the moment, according to a report by Symantec researchers, who have discovered the trojan in 22 apps so far via social media links and third-party app stores, targeting Korean bank clients.
In the past, the trojan has been able to whitelist its process to remain active while the users’ phone was in sleep mode and has also used TeamViewer to grant attackers full access to the device.
The trojan is one of the most creative android malware threatening the market. FakeBank operates by fooling customers using fake login screens inserted on top of legitimate banking apps.
The innovative new version not only lets scammers intercept banking calls made by customers by switching the dialed number with a special one pre-configured in the configuration file, but also enables them to actually make calls to customers using a special number, which will come up on users’ screen as if their bank is calling them.
This lets these scammers fool customers into giving away their banking information whenever they want it.
This new variant is allegedly only active in South Korea at the moment, according to a report by Symantec researchers, who have discovered the trojan in 22 apps so far via social media links and third-party app stores, targeting Korean bank clients.
In the past, the trojan has been able to whitelist its process to remain active while the users’ phone was in sleep mode and has also used TeamViewer to grant attackers full access to the device.